Jobs
Snowflake Inc. logoSnowflake Inc.

Senior Penetration Tester

Build the future of data. Join the Snowflake team.

As a member of the Product Security Penetration Testing team, you’ll be responsible for finding vulnerabilities before the bad guys do, and raising the security bar across our suite of products. We are looking for a motivated, passionate security researcher who has a broad base of offensive security knowledge.

Our ideal candidate wakes up each morning thinking about new ways to abuse and break software. Their goal is to identify relevant security risks and help the business understand them so they can build effective defenses and protect Snowflake customers and their data.

RESPONSIBILITIES:

  • Perform penetration testing engagements against a diverse cloud environment and find vulnerabilities in software, systems, and networks
  • Develop tools, methodologies and infrastructure to support penetration testing engagements in a variety of cloud environments and novel platforms
  • Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics
  • Work with security and engineering teams to communicate findings, recommendations, and knowledge to key stakeholders
  • Play a leadership role in building an App Sec program that has a wide scope and impact

MINIMUM QUALIFICATIONS:

  • 5+ years experience pen testing services deployed in public cloud infrastructure
  • Solid understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
  • Expert understanding of software security architecture and design, threat modeling, code review, and mitigations for common application security issues
  • Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
  • Deep familiarity with current offensive security practices, bug bounty programs, CTFs, fuzzing, and other pen test tools and techniques
  • Demonstrated ability to collaborate with other teams to achieve complex objectives

PREFERRED QUALIFICATIONS:

  • 7+ years experience working in an information security discipline
  • Ability to find and exploit bugs in:
    • C++, Java, JavaScript, Go, and Python
    • Kubernetes, AWS, GCP, or Azure
    • Memory management, namespaces, cgroups, etc.
  • Prior experience working in a high growth, cloud native technology company
  • Fluency in one or more programming or scripting languages: Java, Python, C++, Go
  • Have read and are capable of implementing ideas from “Site Reliability Engineering”, “Building Secure & Reliable Systems”, or “Engineering Trustworthy Systems”
  • Contributions to the security community, such as open source tools, research papers, conference talks, etc.

Cyber Security Jobs by Category

Full Time jobsJavascript jobsApplication Security jobs

Cyber Security Salaries

Full Time SalaryJavascript SalaryApplication Security Salary